Posts Tagged ‘suhosin’

Long query strings get cut off when using Apache with Suhosin module enabled

Friday, November 27th, 2009

Sometimes your query string can get veeeeery long because it carries a large number of $_GET parameters. And you might have noticed that sometimes your long query strings get cut off, so not all the $_GET parameters that you put in them appear in the browser’s address bar. “What’s up with that?” … you may think.

There could be a number of reasons, and one of them is the topic of this post: Suhosin, an Apache module that puts all sorts of checks and traps into your server functionality to catch nasty attempts to exploit the site. Sometimes, though, it may cause unwanted effects like the one described in the subject. If you are experiencing the symptoms described in the first paragraph, check your server installation and, specifically, the Suhosin module. By default, Suhosin is set to only allow query strings with no more than 200 parameters, so a longer one gets shortened to that set length. If you require longer query strings than that, you can change Suhosin’s settings in your php.ini. Look for the following lines:


suhosin.post.max_vars = 200
suhosin.request.max_vars = 200

… and change the numbers to higher ones. Easy.

Just a little notice though: make sure that you are using $_GET for getting, not for posting. Maybe your better solution would be to use $_POST instead of $_GET.
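
An added example (not from the original post): a Python check that reads the `suhosin.*.max_vars` lines from a php.ini fragment, counts the parameters in a query string, and suggests a limit sized to observed traffic rather than an arbitrarily high number. The sample ini text, the 250-parameter query string, the 25% headroom and all function names are constructed for illustration, and counting name=value pairs is an assumed approximation of how Suhosin counts variables.

```python
import re
from urllib.parse import parse_qsl

# Constructed php.ini fragment holding the two directives quoted in the post.
SAMPLE_INI = """\
; constructed sample, not copied from a real server
suhosin.post.max_vars = 200
suhosin.request.max_vars = 200
"""

# Constructed query string with 250 parameters (p0=0&p1=1&...).
LONG_QUERY = "&".join(f"p{i}={i}" for i in range(250))

# Matches active (not ;-commented) suhosin.<scope>.max_vars lines.
_DIRECTIVE = re.compile(r"^\s*(suhosin\.\w+\.max_vars)\s*=\s*(\d+)\s*(?:;.*)?$")


def read_max_vars(ini_text):
    """Return {directive: limit} for each suhosin.*.max_vars line found."""
    limits = {}
    for line in ini_text.splitlines():
        match = _DIRECTIVE.match(line)
        if match:
            limits[match.group(1)] = int(match.group(2))
    return limits


def count_params(query_string):
    """Count name=value pairs, keeping empty values and repeated names."""
    return len(parse_qsl(query_string, keep_blank_values=True))


def check_query(query_string, ini_text, directive="suhosin.request.max_vars"):
    """Report how many parameters were sent and how many exceed the limit."""
    limit = read_max_vars(ini_text).get(directive)
    sent = count_params(query_string)
    over_by = max(0, sent - limit) if limit is not None else 0
    return {"sent": sent, "limit": limit, "over_by": over_by}


def suggested_limit(query_strings):
    """Largest observed parameter count plus 25% headroom (integer math)."""
    biggest = max(count_params(q) for q in query_strings)
    return biggest + biggest // 4


if __name__ == "__main__":
    print(check_query(LONG_QUERY, SAMPLE_INI))
    print("suggested suhosin.request.max_vars =", suggested_limit([LONG_QUERY]))
```

Feeding `suggested_limit` the longest query strings your application legitimately produces keeps the new value tied to real need, so the limit still rejects requests far outside that range.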

Flash Uploader drops the session in Internet Explorer

Friday, November 6th, 2009

Recently, we deployed a project that was using a multiple file uploader Flash component (that we used before for other projects successfully). To our surprise, it behaved abnormally and, in brief, it could be described as the following:

Every time a flash component was used to upload files it would drop the session (in IE 6 & 7) and consequently log out an already logged in user.

After making sure that all session-related code was OK, we started digging further into the server configuration. Eventually, we narrowed down the cause of the problem and without hesitation annihilated the bugger.

It was the Suhosin PHP module, which dedicated servers with cPanel usually have installed for maintaining their security. Since it was the first project on this server to use the Flash uploader (and other servers have different configurations), it was the first time we experienced the session issue.

Now… to cut a long story short and to give you what you actually want from the article…

The fix that did the trick was as follows:

  1. Disable the suhosin.session.cryptua setting in php.ini

    suhosin.session.cryptua = Off

  2. Add the following (if not there already) to php.ini

    suhosin.session.encrypt = Off

  3. Restart Apache (we use CentOS)

    service httpd restart